Privacy Policy

This policy describes how ELAYGENT handles two kinds of data:

• Visitor data — people who visit the public marketing site or sign in to a portal account.
• Customer data — data processed on behalf of a clinic that uses ELAYGENT, including patient names, phone numbers, appointment times, and call transcripts. ELAYGENT processes customer data as a service provider; the clinic is the data controller / covered entity.

Visitor data

• Account information you provide: email, name, role, password hash via Supabase Auth.
• Optional OAuth identifiers from Google or Apple if you sign in with those providers.
• Diagnostic logs, error reports (Sentry, scrubbed of PII where possible), product analytics (PostHog) — all bounded to the minimum needed to operate the service.

Customer data (PHI-adjacent)

• Caller phone number, caller name as given on the call.
• Call transcripts and AI-generated summaries; call recordings or recording URLs may be stored when a location's voice-provider configuration records calls.
• Booking-intent metadata: requested appointment time, service, clinician, location.
• Where a clinic configures it: appointment status, reschedule / cancellation history, missed-call recovery outcomes.

ELAYGENT does NOT collect: payment-card data (handled by Stripe), full patient charts, medical history, prescriptions, diagnoses, or imaging.

Customer data is used solely to deliver the service the clinic has configured: answering calls, capturing booking intent, generating recovery follow-ups, syncing approved data to the clinic's PMS / calendar, and populating operator dashboards. Visitor data is used to provide the portal, send transactional emails, and detect abuse.

ELAYGENT does NOT sell customer data. ELAYGENT does NOT use customer data to train external models. ELAYGENT does NOT use customer data for advertising.

Third parties that may process customer data on ELAYGENT's behalf are listed at /legal/subprocessors. That list is generated from the same configuration the backend actually uses; it stays in sync with the deployment. BAA posture per subprocessor is shown on the same page.

Implemented technical controls — encryption in transit and at rest, tenant isolation, role-based access, audit logging, rate limiting — are listed at /legal/security. That page is code-pinned and explicitly states what is and is not in scope. ELAYGENT is not SOC 2 certified and is not HIPAA certified; it is healthcare-aware and supports BAAs where available through provider and customer contracting.

Default retention windows for call transcripts, recordings, audit logs, and AI-generated summaries are documented in the in-product Settings page. Clinics can request shorter retention and configure recording opt-out per location. On account termination, customer data export and deletion follow the schedule documented at /legal/security.

If you are a patient whose data may have been processed by ELAYGENT on a clinic's behalf, contact the clinic directly for access, correction, or deletion of your records — the clinic is the data controller / covered entity and has the relationship with you.

If you are a portal user (clinic operator), you can update or delete your portal account by contacting your practice administrator or privacy@elaygent.com.

ELAYGENT's service is not directed at individuals under 13. Where a clinic uses ELAYGENT in a pediatric context, the clinic is responsible for parental-consent compliance under applicable law.

ELAYGENT operates on US-based infrastructure. Some subprocessors may process data outside the US; details are on the subprocessor list.

ELAYGENT may update this policy from time to time. Material changes that affect customer data handling require notice to the customer per the signed agreement.

Privacy questions: privacy@elaygent.com.